Privacy Policy

Information We Collect

Building Data: OpenStoop aggregates publicly available building data from New York City government sources including HPD, DOB, DOF, FDNY, and the 311 system. Property owner names shown are part of the public record.

Email Addresses: When you access building reports or subscribe to updates, we collect your email address. We use it to deliver the service you requested and occasional product updates. We do not sell or share your email with third parties.

Payment Information: When you purchase a building report, payment is processed securely by Stripe. OpenStoop does not receive, store, or have access to your credit card number. We receive only a transaction confirmation, your email, and a Stripe customer ID.

Analytics: We collect standard web analytics (page views, referrers, device type) to improve the service. We do not use third-party advertising trackers.

Cookies

OpenStoop uses a small number of functional cookies: an email verification cookie (os_email) to maintain your session, and standard analytics cookies. We do not use advertising or tracking cookies.

Not a Consumer Report

OpenStoop building reports are informational tools based on public records and do not constitute “consumer reports” as defined by the Fair Credit Reporting Act (FCRA). See our Terms of Service for details.

Your Rights (CCPA)

If you are a California resident, you have the right to request access to, deletion of, or opt-out of the sale of your personal information. We do not sell personal information. To exercise your rights, email us at hello@openstoop.com. We will respond within 45 days.

Data Retention & Deletion

You may request deletion of your email and any associated data at any time by contacting hello@openstoop.com. We will delete your information within 30 days of a verified request.

API Usage

API access may be subject to rate limiting and usage tracking. API keys, if issued, are stored securely and used solely for authentication and usage management.

Third-Party Service Providers

We use the following third-party services to operate OpenStoop:

• Stripe — payment processing (privacy policy)
• Vercel — website hosting (privacy policy)
• PostHog — product analytics (privacy policy)
• Cloudflare — CDN and DNS (privacy policy)
• Resend — transactional email (privacy policy)

European Users (GDPR)

If you are located in the European Economic Area or United Kingdom, you have additional rights under the General Data Protection Regulation (GDPR), including the right to access, rectify, erase, restrict processing of, and port your personal data. Our legal basis for processing your data is legitimate interest (providing the service) and, where applicable, your consent. To exercise your rights, contact hello@openstoop.com.

Data Security & Breach Notification

We implement reasonable technical and organizational measures to protect your personal information. In the event of a data breach affecting your personal information, we will notify affected users and relevant authorities as required by applicable law.

Contact

For privacy-related inquiries, contact us at hello@openstoop.com.